CVE-2023-4299

Q: What is the severity of CVE-2023-4299?

CVE-2023-4299 has a CVSS score of 9.0 (CRITICAL). CVE-2023-4299 is an authentication bypass vulnerability in Digi RealPort Protocol that allows attackers to replay authentication packets to gain unauthorized access to connected industrial equipment. This affects organizations using Digi RealPort for serial-to-Ethernet connectivity in industrial control systems (ICS) and operational technology (OT) environments.

9.0 CRITICAL

Authentication Bypass

📋 TL;DR

CVE-2023-4299 is an authentication bypass vulnerability in Digi RealPort Protocol that allows attackers to replay authentication packets to gain unauthorized access to connected industrial equipment. This affects organizations using Digi RealPort for serial-to-Ethernet connectivity in industrial control systems (ICS) and operational technology (OT) environments.

💻 Affected Systems

Products:

Digi RealPort

Versions: All versions prior to patched versions

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects RealPort protocol implementation across Digi products using this serial tunneling protocol.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full control of connected industrial equipment, potentially causing physical damage, production shutdowns, or safety incidents in critical infrastructure.

🟠

Likely Case

Unauthorized access to serial-connected devices allowing data theft, configuration changes, or disruption of industrial processes.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, though authentication bypass remains possible.

🌐 Internet-Facing: HIGH - If RealPort services are exposed to the internet, attackers can easily exploit this without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems can exploit this, but requires network access to RealPort services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Replay attacks are relatively simple to execute once network access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Digi security advisory for specific patched versions

Vendor Advisory: https://www.digi.com/resources/security/alerts/realport-cves

Restart Required: Yes

Instructions:

1. Review Digi security advisory ICSA-23-243-04 2. Download and apply appropriate firmware/software updates 3. Restart affected devices and services 4. Verify patch application

🔧 Temporary Workarounds

Network Segmentation

all

Isolate RealPort services from untrusted networks and implement strict firewall rules

Access Control Lists

all

Implement IP-based access restrictions to limit which systems can connect to RealPort services

🧯 If You Can't Patch

Implement strict network segmentation and zero-trust principles for RealPort traffic
Deploy network monitoring and intrusion detection specifically for RealPort protocol anomalies

🔍 How to Verify

Check if Vulnerable:

Check RealPort version against Digi's patched versions list in their security advisory

Check Version:

Check device firmware/software version through Digi device management interface

Verify Fix Applied:

Verify updated version is running and test authentication mechanisms

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts followed by successful access
Unusual source IP addresses accessing RealPort services

Network Indicators:

Repeated authentication packets from same source
RealPort traffic from unexpected network segments

SIEM Query:

source_port:771 AND (event_type:"authentication" OR protocol:"RealPort")

📊 Metadata

CVE ID: CVE-2023-4299

CVSS v3 Score: 9.0 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-836

Published: August 31, 2023

Last Updated: November 21, 2024

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 Third Party Advisory,US Government Resource
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 Third Party Advisory,US Government Resource
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Cm Firmware by Digi

Connect Es Firmware by Digi

Connect Sp Firmware by Digi

Connectport Lts 8\/16\/32 Firmware by Digi

Connectport Ts 8\/16 Firmware by Digi

One Ia Firmware by Digi

One Iap Firmware by Digi

One Sp Firmware by Digi

One Sp Ia Firmware by Digi

Passport Firmware by Digi

Portserver Ts Firmware by Digi

Portserver Ts M Mei Firmware by Digi

Portserver Ts Mei Firmware by Digi

Portserver Ts Mei Hardened Firmware by Digi

Portserver Ts P Mei Firmware by Digi

Realport by Digi